Leak at Auchan
On 19 November 2024, French retailer Auchan disclosed a breach of its loyalty programme exposing the personal data of more than 500,000 customers — names, contact details, dates of birth, family composition and loyalty-card/balance information; no bank data or passwords were affected.
- Victim
- Auchan
- records
- 500.0K
On 19 November 2024, Auchan — one of France's largest supermarket and hypermarket chains — notified affected customers that its loyalty programme had been breached, exposing the personal data of more than 500,000 account holders. It was the retailer's second loyalty-data incident in roughly a year.
The compromise was limited to loyalty ("fidélité") accounts. Auchan stated that no banking data, passwords or loyalty-account PIN codes were exposed in the attack.
The exposed data included:
- Names and first names
- Email and postal addresses
- Phone numbers
- Dates of birth
- Family composition / household details
- Loyalty card numbers and loyalty "kitty" (cagnotte) balances
Auchan said it contained the attack quickly and put additional safeguards in place, including reinforced controls over loyalty-balance redemption to prevent points being stolen. The retailer reported the incident to France's data-protection authority (CNIL) and the relevant cyber-defence services, and warned customers to be alert to phishing emails, texts and calls that could exploit the leaked information.
Sources
- bleepingcomputer.comhttps://www.bleepingcomputer.com/news/security/auchan-retailer-data-breach-impacts-hundreds-of-thousands-of-customers/
- securityweek.comhttps://www.securityweek.com/hundreds-of-thousands-affected-by-auchan-data-breach/
- zataz.comhttps://www.zataz.com/nouveau-piratage-auchan-cartes-fidelite-exposees/
- lemondeinformatique.frhttps://www.lemondeinformatique.fr/actualites/lire-encore-pirate-auchan-alerte-sur-une-fuite-de-donnees-clients-97652.html